An AI decision receipt — one signed, checkable record per AI runtime decision, readable by anyone, tied to no vendor.
When an AI system decides something — answer this, refuse that, hand it to a person — someone may later need to ask: what did it decide, why, and on what basis? Today every system answers that differently, or not at all. AIREP is a small, fixed record format that answers it the same way everywhere — an AI decision receipt — so an auditor, a regulator, a customer, or a teammate on another product can read one decision and check it offline, without access to the model that made it. (AIREP is the format; AI decision receipt is the thing it produces — the way SPDX and CycloneDX are formats and an SBOM is the thing.)
Status: Experimental. AIREP is a proposed open format with one reference implementation. It is not a ratified standard. See `spec/airep/v0.1/STATUS.md` for the maturity picture, open items, and change control.
Canonical home: https://github.com/halvrenofviryel/ai-runtime-evidence-protocol — the schema `$id`s resolve as raw files under its main branch.
A record is a receipt for one decision: who decided and when (subject), what was decided on
(input), the claim and its basis (claim), the result (output), the supporting pointers
(evidence), the decision as one verb (directive), an honest statement of what it does and does
not cover (scope), and a tamper-evident stamp — hash, signature, and a chain link to the
previous record (integrity). Content stays out of the record: the question, answer, and evidence
are referenced by pointer and hash, so a record can be kept and shared without exposing regulated
data. Vendor-, model-, or domain-specific detail lives only under an optional profiles block, and
a neutrality test proves nothing leaked into the shared core.
A record proves the decision path was recorded faithfully and not altered. It does not prove
the AI's answer was correct — scope.does_not_cover keeps that boundary explicit.
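
The tamper-evident chain described above, as an added example that is not AIREP's reference code. The `prev_hash` and `record_hash` field names, the sorted-key JSON canonical form, and the sample directive values are assumptions made for illustration; SPEC.md defines the real rules, and the signature step is left out here.

```python
import hashlib
import json

def canonical(obj):
    # Assumption: sorted-key compact JSON stands in for the canonical form.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def make_record(prev_hash, directive, question, answer):
    # Content stays out of the record: only hashes of question and answer are kept.
    body = {
        "input": {"sha256": sha256_hex(question.encode())},
        "output": {"sha256": sha256_hex(answer.encode())},
        "directive": directive,
        "scope": {"does_not_cover": ["correctness of the answer"]},
    }
    record_hash = sha256_hex(canonical({"body": body, "prev_hash": prev_hash}))
    # Hypothetical integrity field names, chosen for this example.
    return {**body, "integrity": {"prev_hash": prev_hash, "record_hash": record_hash}}

def verify_chain(records):
    """Return (index, problem) tuples; an empty list means the chain is intact."""
    problems = []
    expected_prev = None
    for i, rec in enumerate(records):
        integrity = rec.get("integrity", {})
        body = {k: v for k, v in rec.items() if k != "integrity"}
        recomputed = sha256_hex(
            canonical({"body": body, "prev_hash": integrity.get("prev_hash")}))
        if recomputed != integrity.get("record_hash"):
            problems.append((i, "hash mismatch"))
        if integrity.get("prev_hash") != expected_prev:
            problems.append((i, "broken chain link"))
        expected_prev = integrity.get("record_hash")
    return problems

def build_sample_chain():
    # Constructed sample data, not taken from examples/chain.jsonl.
    chain, prev = [], None
    samples = [("answer", "q1", "a1"), ("refuse", "q2", ""), ("escalate", "q3", "a3")]
    for directive, question, answer in samples:
        rec = make_record(prev, directive, question, answer)
        chain.append(rec)
        prev = rec["integrity"]["record_hash"]
    return chain
```

Editing a field in place shows up as a hash mismatch on that record, and dropping or re-hashing a record breaks the link on the one after it. A hash chain by itself does not stop someone from recomputing every record, which is why the format also signs them.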
It is an Experimental proposed open format with a reference implementation — see
STATUS.md. Pick your path:
- Reviewing / evaluating it? Read `EXPLAINER.md` (plain-language tutorial, start here) and `THREAT_MODEL.md` (every threat graded honestly — `partial`/`none`, never "defended"). Then prove it yourself: `cd spec/airep/v0.1 && pip install jsonschema cryptography` (Node 20+ also required), then `python3 conformance/validate.py` and `python3 conformance/verify.py examples/chain.jsonl --pubkey examples/test_public_key.txt --class` — two independent verifiers re-derive every hash byte-for-byte and you'll see `sig=ok`.
- Adopting it (writing your own records)? Follow "Write your own record in 5 minutes" in `EXPLAINER.md`: copy `examples/neutral_record.json`, edit the fields, sign with your own key via `producers/python/`, and verify it. A custom `profiles.<name>` block works with no upstream registration — see `profiles/README.md` "Authoring your own profile".
- Contributing? Read `CONTRIBUTING.md`, browse the `good first issue` and `help wanted` labels (the open items from `STATUS.md` are filed there), and report verifier / crypto flaws privately via `SECURITY.md`. The most-wanted contribution is a genuinely third-party producer.

| Path | What it is |
|---|---|
| `spec/airep/v0.1/EXPLAINER.md` | Plain-language tutorial. Start here. |
| `spec/airep/v0.1/SPEC.md` | Normative specification — the binding rules. |
| `spec/airep/v0.1/core.schema.json` | JSON Schema (draft 2020-12) for the core record. |
| `spec/airep/v0.1/profiles/` | Optional binding profiles (key trust, chain-witness/freshness, EU AI Act, NIST AI RMF, OWASP/threat, observability). |
| `spec/airep/v0.1/conformance/` | Two independent verifiers (Python + Node) and a runnable validator. |
| `spec/airep/v0.1/examples/` | Worked records with really-computed hashes + Ed25519 signatures, including a 5-record chain. |
| `spec/airep/v0.1/THREAT_MODEL.md` | What the format detects, how, and what it does not. |
| `producers/python/` | Copy-paste producer — sign your own record with your own key. |


```bash
cd spec/airep/v0.1
pip install jsonschema cryptography   # Python deps (Node 20+ also required for verify.mjs)
python3 conformance/validate.py       # full battery: schema, neutrality, integrity, chain, tamper
python3 conformance/verify.py examples/chain.jsonl --pubkey examples/test_public_key.txt --class   # Python -> sig=ok
node conformance/verify.mjs examples/chain.jsonl --pubkey examples/test_public_key.txt --class     # Node -> same bytes
```

Two implementations on different language and crypto stacks each validate structure, run the neutrality test, re-derive every hash and agree on it byte-for-byte, and re-verify the signatures. Two independent verifiers agreeing is what makes AIREP an interchange format rather than a single-tool artifact.

The first producer of AIREP records is the Phionyx Reasoned Governance Envelope, which matures
by conforming to this format. AIREP itself carries no Phionyx-specific physics, vocabulary, or
dependency — that is the point of the neutrality test. A second, independent producer is an open
item (see STATUS.md).
See CONTRIBUTING.md. In short: the normative text and the conformance vectors
change in lockstep; breaking changes bump the version and are logged as BREAKING in STATUS.md.

- Specification text and schemas (`spec/**/*.md`, `spec/**/*.schema.json`): CC-BY-4.0 — see `LICENSE-CC-BY-4.0.txt`.
- Conformance and example code (`spec/**/conformance/`, `spec/**/examples/`): Apache-2.0 — see `LICENSE`.

AIREP is intended to be freely implementable as a neutral interoperability format. The maintainer provides a royalty-free patent non-assertion covenant for implementations limited to producing, transmitting, canonicalizing, hash-chaining, signing, or verifying conformant AIREP records as defined by the neutral core specification.
This covenant does not license Phionyx runtime mechanisms, governance engines, scoring systems, model-routing logic, or any implementation-specific technology beyond the acts necessary to implement the neutral AIREP interchange record itself.
Archived on Zenodo: concept DOI 10.5281/zenodo.20475136 (always resolves to the latest version); v0.1 specifically is 10.5281/zenodo.20475137.
Machine-readable metadata is in CITATION.cff.